| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Heads Up: cirrus-ci is shutting down June 1st |
| Date: | 2026-05-27 22:15:46 |
| Message-ID: | CAOYmi+n8RRmtGUr_fZkYzX5XbGH5+Q0c1M1XMr7ytXbRs1JxJA@mail.gmail.com |
| Lists: | pgsql-hackers |
On Wed, May 27, 2026 at 11:10 AM Andres Freund <andres(at)anarazel(dot)de> wrote:
> > +# Default to the minimum privilege the jobs need (just reading the repo
> > +# contents during checkout). Individual jobs override this when they need
> > +# more, e.g. `cancel-previous` needs `actions: write` to cancel runs.
> > +permissions:
> > + contents: read
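Review bot: The comment above `permissions:` says individual jobs "override this when they need more", which reads as if a job adds to the workflow default. In GitHub Actions a job-level `permissions` block replaces the workflow-level one, and any scope it does not list is set to `none`. A job that declares only `actions: write` would therefore drop the `contents: read` that this comment says checkout needs. Suggest rewording the comment to say that an overriding job must restate `contents: read` alongside whatever it adds.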
>
> I'm not sure I like that we ever need more than that. I'd expect that
> postgresql-cfbot will explicitly disable write permissions for runs.

+1, and +1 for getting rid of the custom cancel, for that reason.

- Do we need to defend our downstream forks from this workflow? (We
  have 5,700 of them, apparently.)
- Do the pginfra folks who own the repo need to lock down all the
  Actions settings before we ship this? (On my fork, at least, the
  default settings were horrifically permissive.)

--Jacob